---
#
# Setup koji hub server. 
#
- name: install koji hub server packages
  yum: name={{ item }} state=installed
  with_items:
  - koji-hub
  - koji-hub-plugins
  - koji-web
  - koji-utils
  - mod_ssl
  - mod_wsgi
  - git
  - gnupg2
  tags:
  - packages

- name: make koji pki directory
  file: state=directory path=/etc/pki/koji/ owner=root group=root

- name: make koji pki subdirectories
  file: state=directory path=/etc/pki/koji/{{ item }} owner=root group=root
  with_items:
  - certs
  - private
  - confs

- name: hub config
  template: src=hub.conf.j2 dest=/etc/koji-hub/hub.conf owner=apache group=apache mode=600
  tags:
  - config
  notify: restart httpd

- name: kojiweb config
  template: src=web.conf.j2 dest=/etc/kojiweb/web.conf owner=apache group=apache mode=600
  tags:
  - config
  notify: restart httpd

- name: enable httpd_can_network_connect SELinux boolean for fedmsg
  seboolean: name=httpd_can_network_connect state=yes persistent=yes
  tags:
  - config

- name: koji fedmsg plugin
  copy: src=fedmsg-koji-plugin.py dest=/usr/lib/koji-hub-plugins/fedmsg-koji-plugin.py
  tags:
  - config

- name: init koji ca key file
  copy: src={{ puppet_private }}/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem
  tags:
  - config

- name: install kojiweb_cert_key.pem
  copy: src={{ puppet_private }}/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
  tags:
  - config

- name: install koji_key.pem
  copy: src={{ puppet_private }}/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
  tags:
  - config

- name: install koji_cert.pem
  copy: src={{ puppet_private }}/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
  tags:
  - config

- name: Install koji ssl certs
  copy: src={{ puppet_private }}/koji/koji.stg_cert.pem dest=/etc/pki/tls/certs/koji.stg_cert.pem
  tags:
  - config

- name: init kojiweb ca cert file
  copy: src={{ puppet_private }}/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem
  tags:
  - config

- name: instaall fedora-ca.cert in various places
  copy: src={{ puppet_private }}/fedora-ca.cert dest={{ item }} owner=apache
  with_items: 
  - /etc/kojira/extras_cacert.pem
  - /etc/pki/tls/certs/extras_cacert.pem
  - /etc/pki/tls/certs/extras_upload_cacert.pem
  - /etc/pki/tls/certs/upload_cacert.pem
  tags:
  - config

- name: install kojira_cert_key
  copy: src={{ puppet_private }}/koji/kojira_cert_key.pem dest=/etc/kojira/kojira_cert_key.pem owner=apache mode=600
  tags:
  - config

- name: updatecrl script
  copy: src=updatecrl.sh dest=/usr/local/bin/updatecrl.sh owner=root mode=755
  tags:
  - config

- name: koji web config files
  copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root
  with_items:
  - kojiweb.conf
  - kojihub.conf
  - mash.conf
  - rel-eng.conf
  - repo.conf
  tags:
  - config
  notify: restart httpd

- name: koji staging ssl config
  copy: src=koji-ssl.conf.stg dest=/etc/httpd/conf.d/ssl.conf
  tags:
  - config
  when: env == "staging"

- name: kojira config
  copy: src=kojira.conf dest=/etc/kojira/kojira.conf
  tags:
  - config

- name: make mnt/koji directory
  file: state=directory path=/mnt/koji/ owner=root group=root

- name: set sebooleans so koji can talk to the db
  seboolean: name=httpd_can_network_connect_db state=true persistent=true

- name: set sebooleans so koji can anon write
  seboolean: name=allow_httpd_anon_write state=true persistent=true

- name: Set httpd to run on boot
  service: name=httpd enabled=yes
  ignore_errors: true
  notify:
  - restart httpd
  tags:
  - service
